FIDO Metadata Clarifications


Thamindu Dilshan Jayawickrama

Mar 21, 2022, 12:59:30 AM
to FIDO Dev (fido-dev)
Hi All,

We've been trying to implement FIDO MDS3 support in our identity server product to pass the FIDO2 compliance tests. In the process, I have ended up with the following questions/doubts regarding the procedure and would like to obtain some clarification.
  1. When running metadata tests, we must submit our server URL to https://mds3.certinfra.fidoalliance.org/ and add the provided MDS endpoints to the server. From my observations, these MDS endpoints are unique to the server URL. We can configure these URLs permanently in the server and fetch them once every month, assuming the data at these endpoints will be updated. Is that correct?
  2. Should we provide all of these MDS endpoints (I have noticed a total of 5 endpoints) to the server when initializing certificate path validation (I'm using the Java webauthn4j library)? The reason for asking this question is that I have noticed runtime exceptions due to invalid metadata BLOB signatures corresponding to some endpoints. Also, the MDS3 spec mentions having one metadata JSON file. What is the purpose of these multiple service endpoints?
  3. Another observation of mine is that the MDS endpoints obtained by submitting the server URL to https://mds3.certinfra.fidoalliance.org/ contain some test metadata which relates only to the conformance testing. Does that mean there's no need to keep these MDS endpoints in the server permanently, and that we can obtain some fixed endpoints with the actual data after obtaining the FIDO certificate?
  4. Also, we've been using an adapter to perform communications between the tool and the server. In that case, what is the server URL we should publish to https://mds3.certinfra.fidoalliance.org/? We are currently using the adapter URL as the server URL in the conformance tool.
Your help is highly appreciated.

Thanks in advance.

Regards,
Thamindu